mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 08:24:42 +01:00
5c26296b9f
Sometimes network events come with an operation keyword looking like file_perm which makes them look like file events. Instead of ignoring these events (which was a hotfix to avoid crashes), improve the type detection. In detail, this means: - replace OPERATION_TYPES (which was basically a list of network event keywords) with OP_TYPE_FILE_OR_NET (which is a list of keywords for file and network events) - change op_type() parameters to expect the whole event, not only the operation keyword, and rebuild the type detection based on the event details - as a side effect, this simplifies the detection for file event operations in parse_event_for_tree() - remove workaround code from parse_event_for_tree() Also add 4 new testcases with log messages that were ignored before. References: a) various bugreports about crashes caused by unexpected operation keywords: https://bugs.launchpad.net/apparmor/+bug/1466812 https://bugs.launchpad.net/apparmor/+bug/1509030 https://bugs.launchpad.net/apparmor/+bug/1540562 https://bugs.launchpad.net/apparmor/+bug/1577051 https://bugs.launchpad.net/apparmor/+bug/1582374 b) the summary bug for this patch https://bugs.launchpad.net/apparmor/+bug/1613061 Acked-by: Steve Beattie <steve@nxnw.org> for trunk and 2.10. |
||
|---|---|---|
| .. | ||
| doc | ||
| include | ||
| m4 | ||
| src | ||
| swig | ||
| testsuite | ||
| AUTHORS | ||
| autogen.sh | ||
| ChangeLog | ||
| configure.ac | ||
| COPYING.LGPL | ||
| INSTALL | ||
| Makefile.am | ||
| NEWS | ||
| README | ||
What little documentation exists is in src/aalogparse.h. Please file bugs using https://bugs.launchpad.net/apparmor/+filebug